CONFIDENTIALITY POLICY

1. REFERENCE DOCUMENTS
General Regulation on Data Protection no. 679/2016 (“GDPR”)
DOBROGEA GRUP privacy policy and protection of personal data

Analysis of the legal basis
Cookies policy
Employee privacy policy
This section will be updated in in relation to the legislative changes and recommendations / instructions.

2. GENERAL CONFIDENTIALITY POLICY

WHO WE ARE

DOBROGEA GRUP S.A. company, headquartered in Constanța, Phone: 0241.482.222, Fax: 0241.639.944, http://www.dobrogeagrup.ro; e-mail: office@dobrogeagrup.ro; e-mail address of the Data Protection Officer: dpo@dobrogeagrup.ro; is a personal operator of data collected during its legitimate business activity.

DOBROGEA GRUP collects data in many modalities and in several ways: when you contact us by phone or email, when you visit our website, when you request an offer on behalf of your employer, when you conclude new contracts on behalf of your employer or when you make us a request. We also collect data when you visit us at one of our premises or work points, as well as when you send us CVs or application for a job.

DEFINITIONS

Personal data (Data) – any information concerning an identified or identifiable natural person (the data subject); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element such as a name, an identification number, location data, an online identifier or to one or more specific elements, own physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of personal data – any information revealing racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership of trade unions, genetic data, bio-metric data for the unique identification of a natural person, health data or data on the sexual life or sexual orientation of a natural person.

Processing of personal data (Processing) – any operation or set of operations carried out on personal data or on sets of personal data, with or without the use of automated means, such as collection, recording, organising, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasure or destruction.

Data subject – a natural person who can be identified, directly or indirectly, in particular by reference to an identification element such as a name, an identification number, location data, an online identifier or one or more specific elements to its physical, physiological, genetic, mental, economic, cultural or social identity.
Operator – the natural or legal person, the public authority, the agency or another body which, alone or together with other persons, establishes the purposes and the means of processing personal data; when the purposes and means of processing are established by Union law or national law, the operator or the specific criteria for its designation may be provided for in Union law or national law.

The person authorized by the Operator (Authorized / Processor) – the natural or legal person, the public authority, the agency or another body that processes the personal data on behalf of the operator.

Third Party – a natural or legal person, public authority, agency or body other than the data subject, the operator, the person empowered by the operator and the persons who, under the direct authority of the operator or the person empowered by the operator, are authorized to process personal data.

Consent – any manifestation of free will, specific, informed and unambiguous of the data subject by which it accepts, by a statement or an unequivocal action, that the personal data concerning it are processed.

Pseudonymization – means the processing of personal data in such a way that they can no longer be assigned to a particular data subject without using additional information, provided that such additional information is stored separately and is subject to measures of technique and organization nature to ensure the non-attribution of the respective personal data to an identified or identifiable natural person. The principles regarding the processing of personal data apply to pseudonymized data, as they represent personal data.

Anonymizationn – means the processing of personal data in such a way as to be irreversible and to transform the data so that they can no longer be attributed to a particular data subject. The principles regarding the processing of personal data do not apply to anonymised data, as they no longer represent personal data.

ANSPDCP – means the independent public supervisory authority in Romania, respectively the National Supervisory Authority for Personal Data Processing.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding the protection of individuals with regard to the processing of personal data and the free movement of such data and of repealing Directive 95/46 / EC.

OUR VISION ABOUT THE PROCESSING OF PERSONAL DATA AND THE COMMITMENTS OF DOBROGEA GRUP

The processing of personal data in DOBROGEA GRUP is always subject to the following principles:

All data processing has a valid legal basis.
All data processing is fairly done.
We inform the data subjects about the data we process, why, how and how long we process them, if and to whom we transfer them, as well as the rights they have regarding their data.
The data are collected for specific, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes.The data are adequate, relevant and limited to what is required in relation to the purposes for which they are processed
We are concerned about using only accurate data and, if necessary, we will ensure that they are updated

The data shall be kept in a form which permits identification of data subjects for a period not exceeding the period necessary to fulfill the purposes for which the data are processed; personal data may be stored for longer periods to the extent that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, subject to the implementation of technical measures. and organizationally adequate
The data shall be processed in a manner that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures.

DOBROGEA GRUP will ensure that it respects these principles both in terms of its current activities as well as in the event that in the future it will introduce new data processing technologies, such as, but not limited to, new IT systems.

WHAT PERSONAL DATA WE PROCESS

In the activity of DOBROGEA GRUP the data subjects are informed about the personal data collected and processed in each case in which this happens (for example, when sending a job offer, when sending an offer for your employer, when receiving a CV, etc. .).
For example, if you contact us by phone, we will collect personal data on: name, surname, phone number, email address.

WHY AND HOW WE USE YOUR DATA PERSONAL CHARACTER

Your personal data is used to carry out our business activity, including to formulate offers, to conclude contracts, to process requests from our customers, to subject us to mandatory or recommended checks, to process requests made. by the competent authorities that supervise and control our activity.

We also process personal data to ensure the security of the spaces in which we operate, the goods we use for this purpose, the safety of our employees and the data and information we manage.

Your personal data is processed through the collection, registration, organization, storage, modification, consultation, use, disclosure by transmission, provision, combination, restriction, deletion, destruction, etc. Your personal data will only be subject to an automated decision-making process (including profiling) in exceptional circumstances [MP1], in which case the data subject will be informed of its existence, as well as details of this particular mode of processing.

In the activity of DOBROGEA GRUP the data subjects are informed about the personal data collected and processed in each case in which this happens (for example, when sending a job offer, when sending an offer for your employer, when receiving a CV, etc. .).

FOR WHAT PURPOSE DO WE USE YOUR PERSONAL DATA
DOBROGEA GRUP aims to perform data processing taking into account at least one of the legal grounds listed below:

a) Consent – If no other basis of legality of processing provided below applies, DOBROGEA GRUP always obtains the consent of the data subject for the processing of his personal data for one or more specific purposes.

b) Execution / Conclusion of a contract – The processing is necessary for the execution by DOBROGEA GRUP of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

c) Legal obligation – The processing is necessary in order to fulfill a legal obligation incumbent on DOBROGEA GRUP.

d) Legitimate interest – The processing is necessary for the purpose of the legitimate interests pursued by DOBROGEA GRUP or by a third party, in accordance with the law.

e) Vital interest – Processing is necessary to protect the vital interests of the data subject or of another natural person.

f) Public interest – The processing is necessary for the performance of a task which serves a public interest or which results from the exercise of public authority vested in the operator.

In the case of special categories of personal data, DOBROGEA GRUP refers to the applicable legal provisions in order to always ensure a valid legal basis for processing.

TO WHOM WE TRANSMIT YOUR PERSONAL DATA

Your personal data may be passed on to third parties – occupational health care units, audit firms, outsourced IT services, competent authorities, etc. Whenever we do this, we ensure that there is a sound justification, that we will transmit only the data strictly necessary to achieve the purpose of the transmission and we will try to ensure that the recipient ensures a high standard of protection of personal data.

In case of data processing activities performed by a third party provider / supplier / partner / intermediary for the operator DOBROGEA GRUP, based on a service contract of any type concluded between DOBROGEA GRUP and the respective third party (which has the quality of personal data processor from the GDPR point of view), these contracts are concluded in writing and include a series of specific clauses, through which the respective third parties provide DOBROGEA GRUP sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing complies the requirements set out in the GDPR and to ensure the protection of the rights of the data subject.

The transfer of personal data to an international organization or to a third country to the EU and the EEA (the EEA includes both the EU and Iceland, Liechtenstein and Norway) can take place only if the organization or state to which it intends to do the transfer can ensure an adequate level of protection in accordance with the requirements of the GDPR.

The transfer of data to an international organization or to a State whose legislation does not provide for an adequate level of protection, recognized by an adequacy decision issued by the European Commission, is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of data subjects and provided that there are opposable rights and effective remedies available to the data subjects. These guarantees are established by DOBROGEA GRUP, in compliance with the GDPR, in contracts / agreements concluded with the providers / service providers to whom the data is transferred or in other legal ways, on a case-by-case basis.

HOW LONG AND HOW WE STORE YOUR PERSONAL DATA

We retain your personal data only for as long as we need or as required by applicable law.

All this time, we ensure that the data is kept safe and, in case of security breaches, we are ready to apply all technical, organizational and legal measures to limit the possible consequences and inform the ANSPDCP, as well as the data subjects, if there are risks to them.

To the extent possible, we will anonymize data that we no longer need in a manner that allows the identification of data subjects or apply pseudonymization to limit the risks regarding the personal data processed.

WHAT RIGHTS DO YOU HAVE WITH REGARD TO YOUR DATA THAT WE PROCESS

The right to access Data

Any data subject has the right to obtain from DOBROGEA GRUP, when acting in his capacity as operator, on request and free of charge for one application per year, confirmation that the data concerning him are or are not processed by him, and if so, information will be provided on: the purposes of the processing; the categories of data concerned; the recipients or categories of recipients of the data, in particular recipients from third countries or international organizations, as well as the appropriate guarantees offered in the event of such data transfer; where possible, the period for which personal data are expected to be stored or, if this is not possible, the criteria used to determine this period; the existence of the right to request DOBROGEA GRUP the rectification or deletion of data or the restriction of their processing or the right to oppose the processing; the right to file a complaint with the ANSPDCP; if the data are not collected from the data subject, any available information on their source; the existence of an automated decision-making process, including profiling, as well as relevant information on the logic used, the meaning and the expected consequences of such processing for the data subject.

The right to rectification

The data subject has the right to obtain from DOBROGEA GRUP, as data controller, without undue delay, the rectification of inaccurate personal data concerning him.
Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of personal data which are incomplete, including by providing an additional statement….

Right to erasure of data (“right to be forgotten”)

The data subject has the right to obtain the deletion of personal data concerning him / her without undue delay, and DOBROGEA GRUP will have the obligation to delete the data without undue delay if:

a) the data are no longer necessary for the fulfillment of the purposes for which they were collected or processed;
b) the data subject withdraws his consent on the basis of which the processing takes place and there is no other legal basis for the processing;
c) personal data have been processed illegally
d) the data subject exercises his right to opposition under the conditions of GDPR;
e) the data must be deleted in order to comply with a legal obligation of the operator;
f) personal data were collected in connection with the provision of information society services to minors under the conditions of GDPR;
g) personal data were collected in connection with the provision of information society information to children under the GDPR.

DOBROGEA GRUP, as data operator, may refuse the request to delete the data under the following conditions:
a) the processing is necessary for the exercise of the right to free expression and information;
b) the processing is necessary in order to comply with a legal obligation applicable to the operator;
c) the processing is necessary for reasons related to the public interest in the field of public health, under the respective conditions imposed by the GDPR;
d) the processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, under the conditions of the GDPR, insofar as the exercise of the right may make it impossible or seriously affect the achievement of the processing objectives;
e) the processing is necessary for the ascertainment, exercise or defense of a right in court.

CONFIDENTIALITY POLICY

1. REFERENCE DOCUMENTS
General Regulation on Data Protection no. 679/2016 (“GDPR”)
DOBROGEA GRUP privacy policy and protection of personal data

Analysis of the legal basis
Cookies policy
Employee privacy policy

This section will be updated in in relation to the legislative changes and recommendations / instructions.

2. GENERAL CONFIDENTIALITY POLICY

WHO WE ARE

Dobrogea Grup S.A. company, headquartered in Constanța, Phone: 0241.482.222, Fax: 0241.639.944, http://www.dobrogeagrup.ro; e-mail: office@dobrogeagrup.ro; e-mail address of the Data Protection Officer: dpo@dobrogeagrup.ro; is a personal operator of data collected during its legitimate business activity.

DOBROGEA GRUP collects data in many modalities and in several ways: when you contact us by phone or email, when you visit our website, when you request an offer on behalf of your employer, when you conclude new contracts on behalf of your employer or when you make us a request. We also collect data when you visit us at one of our premises or work points, as well as when you send us CVs or application for a job.

DEFINITIONS

Personal data (Data) – any information concerning an identified or identifiable natural person (the data subject); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element such as a name, an identification number, location data, an online identifier or to one or more specific elements, own physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of personal data – any information revealing racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership of trade unions, genetic data, bio-metric data for the unique identification of a natural person, health data or data on the sexual life or sexual orientation of a natural person.

Processing of personal data (Processing) – any operation or set of operations carried out on personal data or on sets of personal data, with or without the use of automated means, such as collection, recording, organising, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasure or destruction.

Data subject – a natural person who can be identified, directly or indirectly, in particular by reference to an identification element such as a name, an identification number, location data, an online identifier or one or more specific elements to its physical, physiological, genetic, mental, economic, cultural or social identity.

Operator – the natural or legal person, the public authority, the agency or another body which, alone or together with other persons, establishes the purposes and the means of processing personal data; when the purposes and means of processing are established by Union law or national law, the operator or the specific criteria for its designation may be provided for in Union law or national law.

The person authorized by the Operator (Authorized / Processor) – the natural or legal person, the public authority, the agency or another body that processes the personal data on behalf of the operator.

Third Party – a natural or legal person, public authority, agency or body other than the data subject, the operator, the person empowered by the operator and the persons who, under the direct authority of the operator or the person empowered by the operator, are authorized to process personal data.

Consent – any manifestation of free will, specific, informed and unambiguous of the data subject by which it accepts, by a statement or an unequivocal action, that the personal data concerning it are processed.

Pseudonymization – means the processing of personal data in such a way that they can no longer be assigned to a particular data subject without using additional information, provided that such additional information is stored separately and is subject to measures of technique and organization nature to ensure the non-attribution of the respective personal data to an identified or identifiable natural person. The principles regarding the processing of personal data apply to pseudonymized data, as they represent personal data.

Anonymization – means the processing of personal data in such a way as to be irreversible and to transform the data so that they can no longer be attributed to a particular data subject. The principles regarding the processing of personal data do not apply to anonymized data, as they no longer represent personal data.

ANSPDCP – means the independent public supervisory authority in Romania, respectively the National Supervisory Authority for Personal Data Processing.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding the protection of individuals with regard to the processing of personal data and the free movement of such data and of repealing Directive 95/46 / EC.

OUR VISION ABOUT THE PROCESSING OF PERSONAL DATA AND THE COMMITMENTS OF DOBROGEA GRUP

The processing of personal data in DOBROGEA GRUP is always subject to the following principles:

All data processing has a valid legal basis.
All data processing is fairly done.

We inform the data subjects about the data we process, why, how and how long we process them, if and to whom we transfer them, as well as the rights they have regarding their data.
The data are collected for specific, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes.
The data are adequate, relevant and limited to what is required in relation to the purposes for which they are processed
We are concerned about using only accurate data and, if necessary, we will ensure that they are updated

The data shall be kept in a form which permits identification of data subjects for a period not exceeding the period necessary to fulfill the purposes for which the data are processed; personal data may be stored for longer periods to the extent that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, subject to the implementation of technical measures. and organizationally adequate
The data shall be processed in a manner that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures.

DOBROGEA GRUP will ensure that it respects these principles both in terms of its current activities as well as in the event that in the future it will introduce new data processing technologies, such as, but not limited to, new IT systems.

WHAT PERSONAL DATA WE PROCESS

In the activity of DOBROGEA GRUP the data subjects are informed about the personal data collected and processed in each case in which this happens (for example, when sending a job offer, when sending an offer for your employer, when receiving a CV, etc. .).

For example, if you contact us by phone, we will collect personal data on: name, surname, phone number, email address.

WHY AND HOW WE USE YOUR DATA PERSONAL CHARACTER

Your personal data is used to carry out our business activity, including to formulate offers, to conclude contracts, to process requests from our customers, to subject us to mandatory or recommended checks, to process requests made. by the competent authorities that supervise and control our activity.

We also process personal data to ensure the security of the spaces in which we operate, the goods we use for this purpose, the safety of our employees and the data and information we manage.

Your personal data is processed through the collection, registration, organization, storage, modification, consultation, use, disclosure by transmission, provision, combination, restriction, deletion, destruction, etc. Your personal data will only be subject to an automated decision-making process (including profiling) in exceptional circumstances [MP1], in which case the data subject will be informed of its existence, as well as details of this particular mode of processing.

In the activity of DOBROGEA GRUP the data subjects are informed about the personal data collected and processed in each case in which this happens (for example, when sending a job offer, when sending an offer for your employer, when receiving a CV, etc. .).

FOR WHAT PURPOSE DO WE USE YOUR PERSONAL DATA
DOBROGEA GRUP
aims to perform data processing taking into account at least one of the legal grounds listed below:

a) Consent – If no other basis of legality of processing provided below applies, DOBROGEA GRUP always obtains the consent of the data subject for the processing of his personal data for one or more specific purposes.

b) Execution / Conclusion of a contract – The processing is necessary for the execution by DOBROGEA GRUP of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

c) Legal obligation – The processing is necessary in order to fulfill a legal obligation incumbent on DOBROGEA GRUP.

d) Legitimate interest – The processing is necessary for the purpose of the legitimate interests pursued by DOBROGEA GRUP or by a third party, in accordance with the law.

e) Vital interest – Processing is necessary to protect the vital interests of the data subject or of another natural person.

f) Public interest – The processing is necessary for the performance of a task which serves a public interest or which results from the exercise of public authority vested in the operator.

In the case of special categories of personal data, DOBROGEA GRUP refers to the applicable legal provisions in order to always ensure a valid legal basis for processing.

TO WHOM WE TRANSMIT YOUR PERSONAL DATA

Your personal data may be passed on to third parties – occupational health care units, audit firms, outsourced IT services, competent authorities, etc. Whenever we do this, we ensure that there is a sound justification, that we will transmit only the data strictly necessary to achieve the purpose of the transmission and we will try to ensure that the recipient ensures a high standard of protection of personal data.

In case of data processing activities performed by a third party provider / supplier / partner / intermediary for the operator DOBROGEA GRUP, based on a service contract of any type concluded between DOBROGEA GRUP and the respective third party (which has the quality of personal data processor from the GDPR point of view), these contracts are concluded in writing and include a series of specific clauses, through which the respective third parties provide DOBROGEA GRUP sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing complies the requirements set out in the GDPR and to ensure the protection of the rights of the data subject.

The transfer of personal data to an international organization or to a third country to the EU and the EEA (the EEA includes both the EU and Iceland, Liechtenstein and Norway) can take place only if the organization or state to which it intends to do the transfer can ensure an adequate level of protection in accordance with the requirements of the GDPR.

The transfer of data to an international organization or to a State whose legislation does not provide for an adequate level of protection, recognized by an adequacy decision issued by the European Commission, is possible only if there are sufficient guarantees regarding the protection of the fundamental rights of data subjects and provided that there are opposable rights and effective remedies available to the data subjects. These guarantees are established by DOBROGEA GRUP, in compliance with the GDPR, in contracts / agreements concluded with the providers / service providers to whom the data is transferred or in other legal ways, on a case-by-case basis.

HOW LONG AND HOW WE STORE YOUR PERSONAL DATA

We retain your personal data only for as long as we need or as required by applicable law.

All this time, we ensure that the data is kept safe and, in case of security breaches, we are ready to apply all technical, organizational and legal measures to limit the possible consequences and inform the ANSPDCP, as well as the data subjects, if there are risks to them.

To the extent possible, we will anonymize data that we no longer need in a manner that allows the identification of data subjects or apply pseudonymization to limit the risks regarding the personal data processed.

WHAT RIGHTS DO YOU HAVE WITH REGARD TO YOUR DATA THAT WE PROCESS

The right to access Data

Any data subject has the right to obtain from DOBROGEA GRUP, when acting in his capacity as operator, on request and free of charge for one application per year, confirmation that the data concerning him are or are not processed by him, and if so, information will be provided on: the purposes of the processing; the categories of data concerned; the recipients or categories of recipients of the data, in particular recipients from third countries or international organizations, as well as the appropriate guarantees offered in the event of such data transfer; where possible, the period for which personal data are expected to be stored or, if this is not possible, the criteria used to determine this period; the existence of the right to request DOBROGEA GRUP the rectification or deletion of data or the restriction of their processing or the right to oppose the processing; the right to file a complaint with the ANSPDCP; if the data are not collected from the data subject, any available information on their source; the existence of an automated decision-making process, including profiling, as well as relevant information on the logic used, the meaning and the expected consequences of such processing for the data subject.

The right to rectification

The data subject has the right to obtain from DOBROGEA GRUP, as data controller, without undue delay, the rectification of inaccurate personal data concerning him.
Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of personal data which are incomplete, including by providing an additional statement.

Right to erasure of data (“right to be forgotten”)

The data subject has the right to obtain the deletion of personal data concerning him / her without undue delay, and DOBROGEA GRUP will have the obligation to delete the data without undue delay if:

a) the data are no longer necessary for the fulfillment of the purposes for which they were collected or processed;
b) the data subject withdraws his consent on the basis of which the processing takes place and there is no other legal basis for the processing;
c) personal data have been processed illegally
d) the data subject exercises his right to opposition under the conditions of GDPR;
e) the data must be deleted in order to comply with a legal obligation of the operator;
f) personal data were collected in connection with the provision of information society services to minors under the conditions of GDPR;
g) personal data were collected in connection with the provision of information society information to children under the GDPR.

DOBROGEA GRUP, as data operator, may refuse the request to delete the data under the following conditions:
a) the processing is necessary for the exercise of the right to free expression and information;
b) the processing is necessary in order to comply with a legal obligation applicable to the operator;
c) the processing is necessary for reasons related to the public interest in the field of public health, under the respective conditions imposed by the GDPR;
d) the processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, under the conditions of the GDPR, insofar as the exercise of the right may make it impossible or seriously affect the achievement of the processing objectives;
e) the processing is necessary for the ascertainment, exercise or defense of a right in court.

The right to restrict processing
The data subject has the right to obtain from DOBROGEA GRUP, as data controller, the restriction of processing in the following cases:
a) the data subject disputes the accuracy of the data, for a period that allows the operator to verify the accuracy of the data;
b) the processing is illegal, and the data subject opposes the deletion of personal data, requesting in return the restriction of their use;
c) DOBROGEA GRUP no longer needs personal data for the purpose of processing, but they are necessary for the establishment, exercise or defense of a right in court;
d) the data subject has objected to the processing, for the period of time in which it is verified whether the legitimate rights of the operator prevail over those of the data subject.
e) the data subject who has obtained the processing restriction is informed by DOBROGEA GRUP before the lifting of the processing restriction.

The right of opposition
The data subject has the right beside DOBROGEA GRUP:

a) to oppose at any time, for reasons related to its particular situation, that the data concerning it be the subject of processing based on the public interest or the legitimate interest. In the event of opposition, the processing may no longer cover the data in question unless there are legitimate and compelling reasons justifying the processing which prevail over the rights of the data subject or if the purpose is to establish, exercise or defend a right in court.

b) to oppose at any time, free of charge and without any justification, that the data concerning it be processed for the purpose of direct marketing, including the creation of profiles for this purpose.
The right to data portability

The data subject has the right to DOBROGEA GRUP to receive – in a structured, commonly used and automatically readable format – the concerning personal data and which he has provided to the Company and to transmit them to another operator if:

a) the processing is based on consent or a contract; and
b) the processing is performed by automatic means.

In exercising his right to data portability, the data subject has the right to have his data transmitted directly from DOBROGEA GRUP to another operator when this is technically feasible.

The right not to be subject to an automatic decision (including profiling)
In this respect, the data subject has against DOBROGEA GRUP the right not to be subject to a decision based only on automatic processing (including profiling) and which would produce legal effects towards the data subject or which would significantly affect him.

This right shall not apply in the following exceptional situations, where the automatic decision:

a) it is necessary for the conclusion or execution of a contract between the data subject and DOBROGEA GRUP;
b) is authorized by Union or national law applicable to DOBROGEA GRUP and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or
c) is based on the explicit consent of the data subject.

În situațiile de la literele a) și c) din prezentul paragraf, DOBROGEA GRUP are obligația de a implementa măsurile corespunzătoare pentru protejarea drepturilor, libertăților și intereselor legitime ale persoanei vizate, cel puțin dreptul acesteia de a obține intervenție umană din partea operatorului, de a-și exprima punctul de vedere și de a contesta decizia.

The right to withdraw consent

If the processing of data is based on your consent, you can withdraw your consent, in which case we will immediately stop processing your personal data. Withdrawal of consent will not affect the processing until then.
To exercise any of these rights, please contact the Data Protection Officer at the email address dpo@dobrogeagrup.ro or by sending a request to DOBROGEA GRUP S.A., tel. 0241.482.222, Fax: 0241.639.944.

The right to go to court and / or ANSPDCP

The data subject whose personal data are processed by DOBROGEA GRUP has:

a) the right to file a complaint with ANSPDCP (National Authority for the Supervision of Personal Data Processing, headquarters: Bucharest, 28-30 Gen. Gheorghe Magheru Blvd., sector 1, CP 010336; Telephone: 40.318.05.92.11, Fax: 40.318.05.96.02 email: anspdcp@dataprotection.ro, website: www.dataprotection.ro) if the data subject considers that the processing of his data is done in violation of GDPR;

b) the right to take legal action if the data subject considers that the processing of his data is done in violation of the GDPR.

3. SPECIFIC FORMS
3.1. Consent and transparency form for http://dobrogeagrup.ro/contact/
I hereby confirm that I have read the Information on the processing of my personal data and I express my consent to the processing of my personal data in order to receive a response to the request for which I have contacted you.
I understand that, if I do not give my consent by ticking, this form will not send my data to DOBROGEA GRUP and I will not be able to be contacted according to my request.
⃝ I hereby confirm that I have read the Information regarding the processing of my personal data and I express my consent for the processing of my personal data for the receipt of information and offers and for other products and / or services offered by DOBROGEA GRUP [MP2].
information
Who we are
The personal data operator is DOBROGEA GRUP S.A., headquartered in Constanța, Telephone: 0241.482.222, Fax: 0241.639.944; email Responsible for Data Protection: dpo@dobrogeagrup.ro.
The purposes and basis for the processing of your personal data
DOBROGEA GRUP processes your data provided through this form in order to send you a response to the request or the subject for which you contacted us, as well as to contact you to request more details necessary to solve the request. We rely on your consent for this purpose.

DOBROGEA GRUP also processes your data provided through this form in order to send you information and offers for other products and / or services offered by DOBROGEA GRUP. We rely on your consent for this purpose, which is requested separately. If you do not wish to receive such information and offers for products and / or services other than those for which you have contacted us, do not tick the appropriate box and we will limit our response to you to the problem for which you have contacted us [ MP3].
Your data collected through this form is not subject to automated decision-making, including profiling. [MP4]

To whom we transmit your personal data

We may pass on your personal data collected through this form to business partners or intermediaries (audit firms, outsourced companies for IT services, etc.), as well as to entities such as competent public authorities, etc. to be able to resolve your request.

Your data is not transferred to third countries or international organizations outside the European Economic Area.
For what period we process your data collected through this form
We keep your data strictly for the period necessary to resolve your request, as well as to prove how to resolve it later, for example, in the event of a court action.
If we process your data on another basis (for example, we will enter into a contract), we will retain your data in accordance with applicable law.

What rights do you have?

You can exercise at any time the right to access, rectify or delete data, to restrict processing or to object to the processing, the right to portability, and the right not to be subject to an automatic decision.
You can also withdraw your consent, in which case we will immediately stop processing your personal data. This may result in your inability to comply with your request. Withdrawal of consent will not affect processing until then.
In order to exercise these rights, you can contact our company at the contact details mentioned above.
Also, regarding the processing of your personal data, you have the right to file a complaint with the National Authority for the Supervision of Personal Data Processing (www.dataprotection.ro).

For further information
Please read the Subscriber’s Privacy and Personal Data Processing Policy, posted here.
3.2. Consent and transparency for for http://dobrogeagrup.ro/angajam/

4. VALIDITY AND MANAGEMENT OF THE DOCUMENT
This document enters into force on May 25, 2018.
The person responsible for implementing this document is the Data Protection Officer (DPO), who will review this document at least once a year or whenever necessary. The DPO will be seconded in the implementation procedure by the IT manager.

COOKIE POLICY

APPLICABILITY, PURPOSE, ADDRESSABILITY

This policy applies to any use of cookies and other online identifiers (information stored in a user’s terminal equipment or browser) in connection with personal data processing activities.

The purpose of this policy is to provide sufficient information about the types of cookies / online identifiers used and about the purpose for which they are used, with reference to the processing of personal data.

The purpose of this policy is to provide sufficient information about the types of cookies / online identifiers used and about the purpose for which they are used, with reference to the processing of personal data.

This policy will allow the company to comply with legal obligations and ensure a better relationship with data subjects.
This policy must be known by all users of the site.

REFERENCE DOCUMENTS
General Regulation on Data Protection no. 679/2016 (“GDPR”)
E-Privacy Directive 2002/58 / EC
Law no. 506/2004, amended
Website privacy policy
Model for analyzing the legal basis of processing
Opinions issued by Working Party 29 regarding cookies
DEFINITIONS
The definitions of the following terms used in this document are in accordance with those indicated in the legislation:
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of personal data means any personal data revealing racial or ethnic origin, political opinions, religious denominations or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the unique identification of a natural person, health data or data on the sexual life or sexual orientation of an individual.

Processing / processing activity means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction.

Operator means the natural or legal person, public authority, agency or other body which, alone or together with others, sets out the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law.

Processor / Person empowered by the controller means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller<

User means the natural person who benefits from an electronic communications service intended for the public, without necessarily having the quality of subscriber of this service.

Traffic data means any data processed for the purpose of transmitting a communication through an electronic communications network or for the purpose of invoicing the value of this operation.

Equipment identification data means technical data of the providers of communications services for public and of the provider of electronic communications networks for public , which allow to identify the location of their communications equipment, processed for the purpose of transmitting a communication through an electronic communications network or for the purpose of invoicing the equivalent value of this operation.

Location data means any data processed in an electronic communications network or through an electronic communications service, which indicates the geographical position of the terminal equipment of the user of an electronic communications service intended for the public.

Communication means any information exchanged or transmitted between a specified number of participants via an electronic communications service intended for the public; it does not include information transmitted to the public via an electronic communications network as part of an audiovisual program service, in so far as no link can be established between the information in question and the identifiable subscriber or user receiving it.

WHAT DOES THE TERM “COOKIE” MEAN AND WHAT IMPACT DOES IT HAVE ON DATA PROTECTION?
An “Internet Cookie” (also called a browser cookie or HTTP cookie or simply a cookie) is a small file, consisting of letters and numbers, that will be stored on the computer, mobile terminal or other equipment of a user from which the website is accessed.

The term COOKIE is commonly used to refer to indicators and markers submitted and read, for example, when consulting a website, reading an e-mail, installing or using software or a mobile application. This happens regardless of the type of terminal used, such as a computer, smartphone, tablet, video game console, etc., that are connected to the Internet.

As such, the term “cookie” includes, for example:

HTTP cookies
“flash” cookies
the result of the calculation of fingerprints in the case of “fingerprints” (calculation of a unique identifier of the machine based on the elements in its configuration, for tracking)
invisible pixels or “web bugs”
any other identifier generated by software or an operating system, etc.

We specify that cookies are assimilated, from the point of view of the applicable legal regime, and other online identifiers.

What is the problem with data protection? When browsing the Internet or using mobile applications, users are increasingly followed by different actors (service providers, advertisers, social networks, etc.) who analyze their browsing, Internet movements and habits of consultation or consumption, in especially to provide them with targeted advertising or personalized services. This tracking is done through various technologies, of which the most widespread today is that of “cookies” or other online identifiers. Such activities represent the processing of personal data and are regulated accordingly.

GENERAL RULES FOR THE USE OF COOKIES
If DOBROGEA GRUP intends to use cookies, the user must be informed about:
the fact that the site uses cookies
what type of cookies are used
who are the entities that process cookies, what are their contact and DPO data
the purposes of using cookies for the site (these will be detailed)
the need to obtain consent prior to the use / installation of cookies
why third parties may use cookies on that site (if applicable to the actual situation)
if the data collected through cookies is used for an automated decision-making process, including profiling
to which entities the data collected through cookies could be transferred
what kind of personal data are collected by cookies
how those cookies affect the security and confidentiality of personal data
how to manage those cookies using your browser settings
why cookies are important and how they can be uninstalled (possibility to oppose the use of cookies)
the consequences of refusing to use / accept cookies
cookie retention period
the rights of data subjects
reference to the General Privacy Policy on the website
DOBROGEA GRUP is free to use various methods to obtain consent to use cookies / identifiers online, as long as it can demonstrate that consent is valid by reference to the provisions of European legislation (see also Model for analysis of the legal basis of processing).

In principle, as long as the data subject has not been informed in advance and has not expressed his consent, DOBROGEA GRUP will not place or read cookies / identifiers online on the data subject’s terminal, except for cookies for which no consent is required. in advance (cookies that do not collect any personal data, if any).

For example, you need to obtain consent for: cookies related to advertising operations, social network cookies generated by social network share buttons when collecting personal data without the consent of data subjects, some cookies for measuring audience or data analytics etc.

DESCRIPTION OF THE POLICY FOR THE USE OF COOKIES BY DOBROGEA GROUP
6.1. Notification of the use of cookies

The site may visibly display a link to a designated location, showing all types of cookies / online identifiers used, as well as other necessary information about them (see Chapter 5.).

Notification of the use of cookies and other online identifiers can be done by the following methods:
use of a particular type of banner:
permanently – it does not disappear unless the user clicks on it to indicate consent – this is advisable
temporarily – it disappears if the user clicks on any other part of the site – not recommended
with limited time – it is displayed for a predefined period of time, and does not disappear within that time period regardless of the user’s actions – not recommended
a link in the header or footer of the site – in this case the information about cookies is contained by another web page that can be accessed from the header or from the footer – advisable only if it is clearly visible (for the first visit) and advisable to be kept permanently active (for subsequent visits of the same user)
use of both of the measures indicated above
A minimum of information required is:
description of online cookies / identifiers
the purpose (s) of cookies / online identifiers
indication if there are third party cookies or if there is access of third parties to the personal data collected by cookies on the site
other details about third party cookies
retention period – the expiration date of a cookie
other necessary technical information
button to accept the respective type of cookie, which is not pre-checked; if the acceptance, rejection or personalization of the online cookie / identifier is done on a third party website, clear information is inserted and a link to the personalization page
informing users on how to change their preferences in the future
the other information referred to in Chapter 5

6.2.2. Timing
Consent must be given before installing or reading an online cookie / identifier. As a result, the site must develop technical solutions to present a consent solution by which no cookies are installed on the user’s equipment (except those that would not require the user’s consent) before that user has expressed consent to that cookie

6.2.3. Active Choice
The procedure by which users can indicate consent must be a positive action or other active behavior (“opt-in”). Users can indicate their consent (if they have received information about cookies), in or near the space where the information was presented, by:

click on a button or link
ticking a box
Active behavior means an action that the user can take, normally one that can be proven as a request from the user / client to the site, such as a click on a link, image or other content on the home page . The information must be presented to the user in a way that leads to the conclusion that the user is very likely to have understood it. Therefore, the fact that the button, link or box is either inside or near the location where the information is presented, is essential to meet the requirement that the user can easily link the action and the information posted.
The absence of active behavior (for example, silence and continued navigation) cannot be considered valid consent

6.2.4 Free Choice – Consent freely given
The user must be able to freely choose between the option to accept all or only some cookies / online identifiers or to reject all or only some of the cookies and to maintain the possibility to change the cookie settings in the future. It is recommended not to implement a consent mechanism that gives the user only the option to give consent in general, but does not offer another option regarding some or all cookies.

Example
You can ensure the existence of a page of “additional information on cookies and other online identifiers” that allows the user to set / customize cookies.
At this stage, it is advisable to propose to the user a solution that will allow him to make choices. This solution, which is legible on all types of terminals, must inform the user in a clear and concise manner about what the cookie / online identifier is and give him the opportunity to express his choice, after the description the purpose of each cookie family.
For example, this second step can be displayed on the user’s screen in the following way:
When you browse our site, certain information may be recorded or read in your terminal, subject to your choice.
Do you accept the submission and reading of cookies with the aim that we (Societatea DOBROGEA GRUP SA) and our partners can analyze the topics of interest to you in order to offer you personalized advertising?
☐ Yes
☐ No.
Do you accept the deposit and reading of cookies in order to analyze your browsing and allow us to measure the audience of our website?
☐ Yes
☐ No.
You accept the deposit and / or reading of cookies in order to allow you to share content on our site with other people or to make known to those other people your consultation of our site or your opinion (e.g. , the “Like” button on Facebook)?
☐ Yes
☐ No.
Given that a consent should not be ambiguous, this heading should not disappear as long as the data subject has not expressed his / her choice.
The fact that the user has accessed the page with “Additional information about cookies” does not equate to the existence of a valid consent for the submission of cookies if he has not given consent.

6.3. The lifespan of cookies

The lifespan of cookies is between 1-2 years. However, taking into account the purpose of a particular cookie, a different lifespan can be set. This will have to be informed to the data subject

6.4. Indication of the types of cookies used

It must be indicated if:
first party cookie – cookie placed by the site consulted by the user
third party cookie – a cookie placed by a site that belongs to another domain, different from the one visited by the user, or by a separate operator from the one that operates the site visited by the user
session cookie – a cookie that is automatically deleted when the user closes the browser
persistent cookie – a cookie that remains stored in the user’s terminal for a certain period of time, etc.

6.5. Indication of the purpose of each cookie used

The indication of the purpose of each cookie used can be done in the following ways:
either link to the developer of that type of cookie
or an accurate description of the purpose of that type of cookie
In this sense, you can use the following table indicated as a model (with examples of cookies).
Nature Cookie Name Cookie Purpose Cookie Type Cookie Delete Cookie Options
Universal Analytics
(Google)
_ga
_gali
_gat_UA-1036645-1
_gid
These cookies are used to collect information about how visitors use the site. Cookies collect information in an anonymous way, including the number of visitors to the site, where visitors came from and what pages they visited. Read Google’s overview of privacy and safeguarding data
ASP.NET_SessionId security breach notification form This cookie is essential for the functionality of the breach notification form – the form that electronic communications service providers notify… .. about security breaches -. This cookie is deleted when the browser is closed.
Visit https://msdn.microsoft.com/en-us/library/z1hkazw7.asp

6.6 Control granted to users in connection with the use of cookies

The control granted to users can be performed either by one or a combination of some of the following modalities:
a tool that provides a high degree of user control over a particular type or category of cookie
browser settings – these are possibilities available to any user, but the steps for setting must be clearly presented and easily accessible
It is recommended to use a high level of control granted to users by offering them the possibility to accept or reject certain types or categories of cookies.
An example of a usable tool is https://www.cookiebot.com/en/. We draw your attention in particular that the information about cookies must be provided in the language of the site, ie always (and) in Romanian.

7. VALIDITY AND MANAGEMENT OF THE DOCUMENT
This document enters into force on May 25, 2018.

The person responsible for this document is the Data Protection Officer (DPO) and the managers of the IT and Marketing departments, who will review this document at least once a year, or whenever necessary, and will modify the website/websites accordingly.